Risk and Internal Controls Manager

Posting Description:
**Risk and Internal Controls Manager**:
Do you have extensive experience in risk management and internal controls in an Insurance environment? We're hiring

Aon South Africa is recruiting a Risk and Internal Controls Manager, based on a hybrid basis in our Head Office in Sandton. The Risk and Internal Controls Manager is responsible for risk management, internal control, data protection, data processing and selected compliance and governance matters for Aon South Africa and Aon Reinsurance South Africa.

**Aon is in the business of better decisions**:
At Aon, we shape decisions for the better to protect and enrich the lives of people around the world.

As an organization, we are united through trust as one inclusive team, and we are passionate about helping our colleagues and clients succeed.

**What the day will look like**:
Review, improve and maintain the internal control environment.

Perform Internal Audit function, scope, planning, testing and reporting, including risk management and control management over operations effectiveness, financial reliability and compliance with applicable directives and regulations

Work in collaboration with EMEA Internal Audit and EMEA risk management on specific matters.

Work in collaboration with EMEA Privacy on specific matters

Review, Improve and Monitor business process control in placement process to adhere to minimum Group requirements and have ability to influence business stakeholders to achieve objectives.

Support the global Sox program where applicable.

Ensure COBIT Compliance for South Africa

Manage risks, including regulatory risks, to the business by ensuring adherence to policies and supporting procedures.

**Data Protection and Data Processing**

Support the Data Protection Lead (“DPL”) with understanding & documenting how each area of the business handles personal data, special personal data and information of children including data flows / cross border data transfers.

Support the local compliance team to drive and embed data privacy requirements.

Conduct adhoc or annual reviews and/or updates to the Records of Processing template for each respective business area;

Continually review systems, both manual and computerised, to understand route for collection, processing, storage and destruction of data for each of the service areas

Support with building and maintaining a culture of data management & data protection best practice within the company. This includes appointing, regularly meeting with and training Privacy Champions

Support the COO with leading a data protection risk committee consisting of senior leadership in their area.

Support the DPL to create and complete annual plans to meet objectives set by the Global Privacy Office. This includes annual data privacy self-assessments & remediation of any findings.

Assist with the embedment and maintenance of data retention and destruction processes.

Audit policy for retention and destruction of manual records and soft copies in a controlled and appropriate manner.

Create “best practice” guidance and standard operating procedures relevant to GDPR / POPIA and data protection.

Appropriately manage and report on data protection risks & issues that may arise, asking for support from the local or Global Privacy Office where needed.

Support the DPL with development & maintenance of processes to respond to data breaches and to handle data protection related requests from clients/individuals.

Support the Global and local Privacy Office and/or Data Protection Officer and /or Data Protection Lead with regular board reporting and training

Maintain Risk Management framework for organisation

Define and implement a risk appetite statement and monitor compliance thereof.

Enterprise Risk Management

Conduct risk assessments and develop key risk indicators to monitor exposure from a risk point of view (strategic and operational level)

Ensure compliance with FAIS and POPIA

Prepare Exco, Board and Risk Committee packs

**General**

Understand and follow the Aon Leadership Model and 3x3 Plan and take ownership of personal development.

Other duties and projects as assigned.

**How this opportunity is different**:
What makes Aon different are the people and the culture. Aon colleagues support each other, across geographies and solution lines. Aon has the tools plus depth and breadth of experience to drive great outcomes for our clients, while providing the optimal environment for the career and personal growth of our colleagues.

**Skills and experience that will lead to success**:
**Qualifications.**
- Be in possession of Grade 12 (Matric)
- Must have a Risk Management degree with minimum of 8 years’ experience.
- CRM and CERA or IRMSA certifications preferable

**Knowledge.**
- Sound up to date knowledge on The International Professional Practice Framework for Internal Audit Effectiveness
- Sound and up to date knowledge risk management practices, guides and reporting
- Sou